Cryptography IV Flashcards
Why is storing passwords in plaintext insecure?
If the database is stolen, all passwords are immediately compromised.
Why is storing key-encrypted passwords insecure?
- if the passwords are stolen, the key might also be stolen
Why is storing hashed passwords a problem?
- identical passwords produce identical hashes
- humans tend to pick the same passwords => frequency analysis
What is the purpose of salting passwords before hashing?
Prevents identical passwords from producing the same hash, stopping precomputed attacks.
What is a salt?
a random string
What does ‘salting a password’ mean?
you hash a password and its salt together
What is the best way to use salting?
- generate a salt per user
=> stops freq analysis
What is a brute force attack?
Trying every possible password until the correct one is found.
How does a dictionary attack work?
It precomputes hashes of common passwords and quickly looks up a match for each hash in the dictionary
=> large storage, preprocessing time
What are common strategies in intelligent guessing?
Using the top N most common passwords
Dictionary words, names, places, dates
Combinations of words and symbols
Replacing letters with similar-looking numbers (leet speak)
Markov models to predict likely passwords
What is the purpose of secret sharing?
To divide a secret into multiple parts so that only a certain number of participants can reconstruct it.
What is 1-out-of-n Secret Sharing?
Everyone knows the secret s
What is n-out-of-n Secret Sharing?
Split s into n parts; everyone is needed to reconstruct s
Describe the process of n-out-of-n Secret Sharing
Trusted Dealer:
1. Picks random s0, s1
2. s2 = s ⊕ s0 ⊕ s1
Secret Recovery:
s = s0 ⊕ s1 ⊕ s2
= s0 ⊕ s1 ⊕ s ⊕ s0 ⊕ s1
= (s0 ⊕ s0 ) ⊕ s ⊕ (s1 ⊕ s1)
= (00..00) ⊕ s ⊕ (00..00)
= s
Why is (t, n) secret sharing better than n-out-of-n sharing?
It allows recovery of the secret even if some shares are lost.
What is (t, n) threshold secret sharing?
A scheme where any t of the n shares can reconstruct the secret.
How does Shamir’s Secret Sharing work?
It uses polynomials to generate shares, ensuring t-out-of-n security. (Since t points determine exactly one polynomial of degree t-1)
How does 2-Out-Of-n Secret Sharing work?
Since 2 points determine a line, any 2 shares can determine the secret
How does Onion Routing work? (TOR = the onion router)
Messages are encrypted in layers and pass through multiple relays, with each relay decrypting only one layer.
- messages are sent via random sequence of relays (circuit)
- last relay = EXIT NODE
- each node only knows the previous and next node
What are the properties of onion routing?
- Privacy - anonymous communication
Why can an exit node in Tor be dangerous?
It can see the decrypted traffic if encryption is not applied at the application level (e.g., no HTTPS).
Why does Tor use multiple relays?
To prevent any single relay from knowing both the sender and receiver.
What are censoring techniques?
- DNS Blacklist: (blocking domain names)
- IP Blacklist: (blocking specific servers)
- Keyword Blacklist: (blocking searches or URLs with certain words)
What is OONI?
The Open Observatory of Network Interference, which monitors internet censorship worldwide.
goal: free and open internet
What is a bridge relay in Tor?
A hidden relay not listed in directories, used to bypass censorship.